uncomment to require auth-email header (#1604)

src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs

@@ -50,13 +50,12 @@ namespace Bit.Core.IdentityServer
 
         public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
         {
-            // Uncomment whenever we want to require the `auth-email` header
+            if (!AuthEmailHeaderIsValid(context))
-            //if (!AuthEmailHeaderIsValid(context))
+            {
-            //{
+                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
-            //    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
+                    "Auth-Email header invalid.");
-            //        "Auth-Email header invalid.");
+                return;
-            //    return;
+            }
-            //}
 
             string bypassToken = null;
             if (_captchaValidationService.RequireCaptchaValidation(_currentContext))